HackDig : Dig high-quality web security articles for hacker

An independent reviewer in the United Kingdom has called for a new “comprehensive” law to help define security services’ online surveillance powers.

According to BBC News, David Anderson QC, an independent reviewer of terrorism legislation, stated that a “clean slate” is needed in the approach to surveillance powers used by security services to combat serious crime and terrorism.

Anderson goes on to explain that a new law should replace the current surveillance framework, which in his words is “fragmented” and “obscure”.

Require the authorization of a judge for all instances of interception, which pertains to circumstances in which law enforcement officials are empowered to read the communication of a suspect. This would theoretically help to limit the Home Secretary’s power in this particular process.

Reviewers should bring up to date the definition of “communications data,” which currently refers to the who, when, and how but not the content of the actual information collected.

Security services should have the power to force providers to retain customers’ data for a period of time, which might extend to user interaction.

“Strict additional safeguards” should be placed on security and intelligence agencies, though they should be allowed to continue to practice “bulk collection” of intercepted material.

“No go areas” should be introduced with regards to encrypted communications, but a law-based system should be created to help manage the process of security forces requesting encryption keys.

A Question of Trust ultimately concludes by ruling that the Regulation of Investigatory Power Act, which was introduced 15 years ago to help monitor security and intelligence agencies’ surveillance powers, has been “patched up so many times as to make it incomprehensible to all but a tiny band of initiates.”

“Modern communications can be used by the unscrupulous for purposes ranging from cyber-attack, terrorism and espionage to fraud, kidnap and child sexual exploitation. A successful response to these threats depends on entrusting public bodies with the powers they need to identify and follow suspects in a borderless online world. But trust requires verification.”

Anderson’s recommendations follow on the heels of new legislation enacted by the United States government that will curtail somewhat the surveillance powers of the National Security Agency.

Out of concern for the extent to which the U.S. government can access people’s private information, Apple, Google, and other tech giants also wrote President Obama a letter earlier this week that urged him to not use national policies to weaken encryption technologies.